INTRODUCTION

In the aftermath of the financial crisis of 2008, boards of directors have taken a much more active role in risk governance and oversight. This is partly the result of regulation, but it also makes solid business sense, which is why the trend appears to be gaining steam as stakeholder expectations continue to rise. Boards are growing more cognizant of how ERM can benefit the organization, improve relations with key stakeholders, and satisfy heightened regulations worldwide.

Among the key groups that provide independent risk monitoring—boards, auditors, regulators, rating agencies, and institutional investors—the board of directors is unique in its direct responsibility for ensuring sound risk management and the degree of leverage it has for doing so. At most organizations, corporate management bends over backward to satisfy board demands. By asking tough questions and establishing high expectations for ERM, the board can set the tone from the top and effect significant change in the risk culture and practices of an organization.¹

Studies indicate that boards are recognizing the importance of ERM and are making significant changes as a result. For one thing, the world is getting riskier. According to a 2013 survey by the Association for Financial Professionals (AFP), 59% of firms face greater earnings uncertainty relative to five years earlier.² Respondents also expect risks to increase in the next two years. In another study that same ...